Mark Schemes BTEC Level 3 National Extended Certificate in IT
Mark Scheme — Predicted Paper 1
Unit 1: Information Technology Systems
BTEC Level 3 National Extended Certificate in Information Technology
Paper Reference
RA10/IT/U1/PP1
Total marks
90
Series
Practice Paper — Spring 2026
This mark scheme has been prepared by RA10 for use with Predicted Paper 1. It follows the Pearson BTEC Level 3 mark scheme conventions for Unit 1 (AAQ 2025, Issue 5).
Using this mark scheme:
For short-answer questions, award the marks specified. "Accept any other appropriate/alternative response" means equivalent correct answers should be credited.
For levels-based questions, use the Level Descriptors holistically alongside the indicative content. Indicative content is not a checklist.
For revision purposes only. Not an official Pearson qualification document.
Question 1 — Hartley Academy (22 marks total)
(a)State one purpose of the file server on Hartley Academy's network.1 mark
Award one mark for any one of the following.
Centralised storage of files / documents (1)
Allows users to access their files from any computer on the network (1)
Controls access to shared files through user permissions (1)
Accept any other appropriate/alternative response
(b)Give two types of malware that could threaten Hartley Academy's network.2 marks
Award one mark for each correct type, up to a maximum of two marks.
Virus (1)
Ransomware (1)
Trojan / Trojan horse (1)
Spyware / keylogger (1)
Worm (1)
Adware (1)
Accept any other appropriate/alternative response
(c)Describe how a braille display allows a student with visual impairment to access digital course materials.3 marks
Award one mark per correct linked point, up to a maximum of three marks.
A braille display connects to the student's computer / device (1)
A screen reader sends text from the VLE / screen to the braille display (1)
Tiny rounded pins on the surface rise and fall to form braille characters (1)
The student reads the characters by touch / feel (1)
The display refreshes as the student moves through pages of content (1)
This allows a blind / visually impaired user to read digital text without audio output (1)
Accept any other appropriate/alternative response
(d)Explain two methods Hartley Academy could use to verify the identity of students logging into the VLE from home.4 marks
Award one mark for identification and one mark for an appropriate linked justification/expansion, up to a maximum of four marks.
Password (1) — a unique password known only to the student prevents any other person from accessing the account (1)
Multi-factor authentication / MFA (1) — a second verification step such as a code sent to the student's registered mobile device is required, meaning access is blocked even if the password is stolen (1)
Biometric login / fingerprint scan (1) — uses the student's unique biological characteristic so only the registered student can log in (1)
Security question (1) — the student must answer a question only they know, providing an additional layer of verification (1)
Accept any other appropriate/alternative response
(e)Discuss the implications for Hartley Academy of moving student files to cloud storage.6 marks — Levels
Indicative Content (not prescriptive — reward any well-developed point)
Cost savings — no need to maintain, upgrade or replace local file servers; predictable subscription model
Accessibility — students can access files from any device at home, benefiting remote learners and VLE use
Automatic backups and disaster recovery — no risk of losing all student work if local hardware fails
Scalability — storage can grow as the school expands without capital investment
Data security concerns — sensitive student records held by a third-party provider; requires strong data protection agreements
GDPR implications — student data (including minors) stored off-premise; school must ensure provider is GDPR compliant
Internet dependency — if school internet connection fails, staff and students lose access to files entirely
Vendor lock-in — switching cloud provider in future could be complex and costly
Staff training required — new workflows for saving, sharing, and managing files in the cloud
Parental consent may be required for storing pupil data off-premise
Level
Mark
Descriptor
0
0
No rewardable material.
1
1–2
Demonstrates basic application of knowledge about cloud storage that is partially relevant to the school's context. Considers only one or two implications with limited development. (AO2)
2
3–4
Demonstrates good application of knowledge about cloud storage to the school's context. Considers both benefits and drawbacks with some development of implications specific to Hartley Academy. (AO2/AO3a)
3
5–6
Demonstrates comprehensive application. Discusses multiple well-developed implications clearly related to a school context, covering benefits, risks (including data security and GDPR), and practical considerations such as internet dependency and training. (AO2/AO3a)
(f)Discuss the implications of phishing attacks on Hartley Academy.6 marks — Levels
Indicative Content
A successful phishing attack could result in a staff member's account credentials being stolen
Stolen credentials could allow an attacker to access the school's network, student records and HR data
Student personal data could be compromised, triggering a legal obligation to report the breach to the ICO
Financial fraud — staff may be tricked into making unauthorised payments or purchasing gift cards
Ransomware may be delivered via a phishing link, encrypting school files and disrupting lessons
Reputational damage — parents and students may lose trust in the school's data management
Staff training on recognising phishing emails is essential and relatively low cost
Email filtering software can reduce the number of phishing emails reaching staff inboxes
MFA on all accounts limits damage even if credentials are stolen
An acceptable use policy setting out staff responsibilities around email security
Level
Mark
Descriptor
0
0
No rewardable material.
1
1–2
Basic application. May simply state that phishing could lead to data loss. Limited application to school context. (AO2)
2
3–4
Good application. Discusses at least two distinct implications (e.g. data breach and reputation) and/or considers both the risks and at least one protective measure. Context-specific. (AO2/AO3a)
3
5–6
Comprehensive application. Covers multiple implications including data breach, GDPR reporting, ransomware risk, financial fraud, reputation, and several protective measures specific to a school environment. Balanced discussion. (AO2/AO3a)
Question 1 Total: 22 marks
Question 2 — Premier Payroll Ltd (22 marks total)
(a)Identify the cloud computing service model the managing director is proposing.1 mark
Award one mark for a correct response.
Software as a Service / SaaS (1)
Do not accept: IaaS / PaaS
(b)Explain one reason why Premier Payroll Ltd must use HTTPS when staff access the cloud-based system remotely.2 marks
Award one mark for identification and one mark for an appropriate linked justification/expansion.
HTTPS encrypts the data sent between the browser and the server (1) so that payroll and salary data cannot be read by a third party if the connection is intercepted (1)
HTTPS authenticates the server (1) ensuring staff are connecting to the genuine payroll system and not a fraudulent site (1)
(c)Describe three validation methods that could be used in the payroll software's data entry system.3 marks
Award one mark for each correct validation method (method name alone is sufficient), up to a maximum of three marks. Accept a brief description of what the method does.
Range check (1) — ensures numeric values such as salary fall within an acceptable range (1)
Format check (1) — ensures data matches expected format, e.g. National Insurance number format (1)
Presence check (1) — ensures required fields are not left empty (1)
Length check (1) — ensures data does not exceed a specified number of characters (1)
Type check (1) — ensures only the correct data type is entered, e.g. numbers in a numeric field (1)
Accept any other appropriate/alternative response
(d)Explain two benefits to Premier Payroll Ltd of moving to a SaaS payroll solution.4 marks
Award one mark for identification and one mark for linked justification, up to a maximum of four marks.
No upfront software purchase / no capital expenditure (1) — Premier Payroll pays a predictable monthly subscription, improving cash flow management (1)
Staff can access the system from any location with internet access (1) — enabling remote and flexible working, reducing office dependency (1)
Automatic software updates (1) — the payroll software is always up to date with the latest HMRC tax codes without manual IT intervention (1)
No server maintenance required (1) — the cloud provider manages hardware, freeing up Premier Payroll's IT staff time (1)
Accept any other appropriate/alternative response
(e)Discuss the implications for Premier Payroll Ltd of moving its payroll software to a SaaS solution.6 marks — Levels
Indicative Content
Cost savings — no upfront software purchase; predictable monthly subscription; no server hardware investment
Accessibility — staff can access payroll from any location with internet access
Automatic updates — software stays compliant with latest HMRC tax codes without manual IT work
Data security risks — sensitive employee and client payroll data is held by a third-party provider
Internet dependency — if connectivity fails, payroll cannot be processed, risking missed payment deadlines
GDPR compliance — must ensure SaaS provider meets UK GDPR; data processing agreement required
Training required — staff need training on the new system
Vendor lock-in — switching providers in future could be costly if data is in proprietary format
Integration — existing accounting and HR systems may require integration with the SaaS platform
Level
Mark
Descriptor
0
0
No rewardable material.
1
1–2
Basic application partially relevant to Premier Payroll's context. Considers only one or two implications with limited development. (AO2)
2
3–4
Good application covering both benefits and drawbacks for Premier Payroll Ltd. At least two implications clearly linked to the payroll services context. (AO2/AO3a)
3
5–6
Comprehensive application. Multiple well-developed implications including cost, accessibility, data security, GDPR and operational risks, clearly contextualised to a payroll services business. Balanced discussion. (AO2/AO3a)
(f)Draw a flowchart to show the process for secure staff access to the payroll system.6 marks
Award one mark for each appropriate stage shown, up to a maximum of six marks.
Marking Guidance:
Login page/start stage shown — 1 mark
Username/password stage shown — 1 mark
MFA/security check shown — 1 mark
Access to payroll dashboard shown — 1 mark
Logout or session timeout stage shown — 1 mark
Logical flow with arrows and annotations — 1 mark
Accept any other appropriate flowchart that shows the secure access process with clear sequence and annotations.
Question 2 Total: 22 marks
Question 3 — Crestford College (22 marks total)
(a)State the device that forms the central connection point in a star topology.1 mark
Award one mark for a correct response.
Switch (1)
Hub (1)
Accept switch or hub
(b)Give two advantages of a star topology over a ring topology.2 marks
Award one mark for each correct advantage, up to a maximum of two marks.
If one cable fails, only that device is affected — the rest of the network continues to function (1)
New devices can be added without disrupting other connections / easier to scale (1)
Fault finding is easier — the switch can identify the faulty port (1)
Better performance — each device has a dedicated connection to the switch (1)
Accept any other appropriate/alternative response
(c)Describe three measures the college could implement to protect staff against social engineering attacks.3 marks
Award one mark per correct measure described, up to a maximum of three marks.
Staff training / awareness training on recognising phishing emails (1)
Email filtering software to block suspicious messages before they reach staff inboxes (1)
Multi-factor authentication / MFA so access is blocked even if credentials are stolen (1)
Acceptable use policy requiring staff to report suspicious emails to IT (1)
Regular simulated phishing exercises to test staff awareness (1)
Strong password policy and regular password changes (1)
Accept any other appropriate/alternative response
(d)Explain two factors the college should consider when choosing between Wi-Fi and Ethernet.4 marks
Award one mark for identification and one mark for linked justification, up to a maximum of four marks.
Security (1) — Ethernet signals are confined to physical cables so cannot be intercepted wirelessly, making it more secure for handling sensitive HR and financial records (1)
Speed / performance (1) — Ethernet provides faster, more reliable data transfer than Wi-Fi, which can be affected by interference and shared bandwidth (1)
Cost of installation (1) — Ethernet cabling across the administration block requires significant installation cost, whereas Wi-Fi can be deployed with fewer cables (1)
Mobility (1) — Wi-Fi allows staff to move around the office with laptops and tablets, whereas Ethernet requires staff to remain at fixed desk locations (1)
Accept any other appropriate/alternative response
(e)Discuss the implications of choosing a star topology rather than a ring topology for Crestford College's administration block.6 marks — Levels
Indicative Content
Star: if one cable fails, only that computer is affected — rest of admin network continues working, essential for HR and finance systems
Star: fault finding is straightforward — the switch can identify the faulty port, reducing IT staff time
Star: adding new devices is easy without disrupting existing connections — scalable as the admin block grows
Star: requires a central switch — adds cost; if the switch fails, the entire admin network goes down
Ring: data travels predictably in one direction — but if any node or cable fails, the entire network may fail
Ring: generally lower initial cost as no central switch required
Star provides better performance under heavy concurrent use — 20 admin computers all in use simultaneously is better served by star
For sensitive admin data (HR, finance), reliability of star outweighs its higher cost
Level
Mark
Descriptor
0
0
No rewardable material.
1
1–2
Basic knowledge of star or ring topology. Limited application to the college context. (AO2)
2
3–4
Good application of topology knowledge to the administration block. Discusses both topologies with at least two implications relevant to the college. (AO2/AO3a)
3
5–6
Comprehensive application. Discusses fault tolerance, scalability, performance, cost, and the specific needs of an admin block running sensitive college data, with a balanced comparison. (AO2/AO3a)
(f)Discuss the considerations Crestford College should address when managing its online student community platform.6 marks — Levels
Indicative Content
Privacy — student data and coursework materials shared on the platform must be protected; GDPR considerations for student posts
Security — accounts must be protected against unauthorised access with strong authentication
Acceptable use policy — rules to prevent inappropriate, offensive or abusive content between students and tutors
Downtime — if the platform is unavailable, students cannot access lectures, impacting learning
Accessibility — platform must be usable on mobile devices and accessible for students with disabilities
Ease of use — students and tutors of varying IT ability need an intuitive interface
Integration — the platform must connect with the college's existing VLE and student record system
Training — staff and tutors need training to use and moderate the platform effectively
Cost — subscription or development costs must be weighed against educational benefit
Level
Mark
Descriptor
0
0
No rewardable material.
1
1–2
Basic knowledge. Considers one or two considerations with limited application to a college context. (AO2)
2
3–4
Good application covering several relevant considerations linked to Crestford College's situation. (AO2/AO3a)
3
5–6
Comprehensive application across multiple considerations (privacy/GDPR, security, AUP, accessibility, downtime, cost) clearly contextualised for a sixth-form college community platform. (AO2/AO3a)
Question 3 Total: 22 marks
Question 4 — Hargreaves Catering (24 marks total)
(a)Give one example of an embedded system that could be used in a commercial kitchen.1 mark
Award one mark for any appropriate example.
Temperature sensor (in an oven / refrigeration unit) (1)
Programmable Logic Controller (PLC) controlling a conveyor belt / mixing machine (1)
Automated portion control system (1)
IoT sensor monitoring food storage temperature (1)
Accept any appropriate embedded system used in kitchen/catering context
(b)Give two implications for Hargreaves Catering of using AI tools to automate meal planning.2 marks
Award one mark for each correct implication, up to a maximum of two marks.
Meals can be planned more efficiently, saving time for staff (1)
AI can process dietary requirements and nutritional targets across all 12 canteens simultaneously (1)
If the AI system fails or produces incorrect outputs, meal planning could be disrupted (1)
Staff who previously planned meals may need retraining or may have reduced responsibilities (1)
Cost savings from reduced manual planning time (1)
AI recommendations depend on accurate input data — errors in data produce poor recommendations (1)
Accept any other appropriate/alternative response
(c)Describe three differences between open-source and proprietary software.3 marks
Award one mark per correct difference, up to a maximum of three marks.
Open-source is free to use / no licence fee; proprietary software typically requires a licence fee (1)
Open-source source code is publicly available and can be modified; proprietary source code is closed (1)
Proprietary software usually includes dedicated vendor support; open-source relies on community forums (1)
Proprietary updates are professionally managed; open-source updates depend on community contributors (1)
Open-source has no vendor lock-in; proprietary may create dependency on a single supplier (1)
Accept any other appropriate/alternative response
(d)Explain two benefits to Hargreaves Catering of using cloud-based systems to manage operations across its 12 canteen sites.4 marks
Award one mark for identification and one mark for linked justification, up to a maximum of four marks.
Centralised data access (1) — meal planning, delivery schedules and stock levels can be viewed and updated in real time from all 12 canteen sites simultaneously (1)
Automatic system updates (1) — all 12 canteens run the latest version of the management software without manual installation visits to each site (1)
Scalability (1) — the company can add further canteen sites without significant additional IT infrastructure investment (1)
Remote access (1) — management can monitor and update operations from the central kitchen without travelling to individual canteens (1)
Accept any other appropriate/alternative response
(e)Discuss the implications for Hargreaves Catering of choosing open-source catering software compared with the current proprietary package, with particular reference to security.6 marks — Levels
Indicative Content
Open-source: source code publicly available — security researchers can identify vulnerabilities quickly
Open-source: same visibility means malicious actors can study code to find exploits
Open-source: updates/patches may depend on community contributors — could be slower than proprietary vendor
Proprietary: dedicated vendor security team issues patches regularly as part of the £6,000 annual fee
Proprietary: vendor accountability — if a known vulnerability leads to a breach, the company has recourse
Proprietary: professional support including security guidance included in licence
Open-source: no vendor lock-in; but may lack enterprise-grade security features like audit trails
For a food service company serving children, reliability and accountability may outweigh cost savings
Both options require additional security layers such as firewalls, staff training, and access controls
Level
Mark
Descriptor
0
0
No rewardable material.
1
1–2
Basic application of knowledge about open-source or proprietary software. Limited reference to security. (AO2)
2
3–4
Good application covering both software types in the Hargreaves context, discussing security implications from at least two angles. (AO2/AO3a)
3
5–6
Comprehensive application. Thorough discussion of security for both software types applied to the catering context, covering vendor accountability, patch management, community vs professional support, and the specific obligations of a company serving schools. (AO2/AO3a)
(f)Evaluate whether Hargreaves Catering should switch from its proprietary catering management software to a free open-source alternative. (Benefits; Drawbacks)8 marks — Levels
Indicative Content
BENEFITS: No annual licence fee — saves £6,000/year which could fund other improvements
BENEFITS: Source code can be modified to match Hargreaves' specific catering requirements
BENEFITS: No vendor dependency — not at risk if the proprietary vendor closes or changes pricing
BENEFITS: Large developer community may provide rapid bug fixes
DRAWBACKS: No dedicated vendor support — reliance on community help which may be slower
DRAWBACKS: May lack features specific to school catering management in the proprietary package
DRAWBACKS: Staff retraining required — cost and productivity loss during transition
DRAWBACKS: Compatibility with local authority systems used by the 12 schools may be reduced
DRAWBACKS: Ongoing IT staff time needed to configure, maintain and update the open-source solution
EVALUATION: For a company managing food for children, reliability, compliance and vendor support are critical — a £6,000 saving may not outweigh the risks of poor support and potential downtime in a food service setting
Level
Mark
Descriptor
0
0
No rewardable material.
1
1–3
Basic application of knowledge about open-source vs proprietary software with limited reference to Hargreaves Catering. Only one side (benefits or drawbacks) considered. No evaluative conclusion. (AO2)
2
4–6
Good application covering both benefits and drawbacks, applied to Hargreaves Catering's context. Some attempt at evaluation or recommendation, though not fully developed. (AO2/AO3a/AO3b)
3
7–8
Comprehensive application thoroughly contextualised to Hargreaves Catering as a school meals provider. Analyses multiple benefits and drawbacks in detail and draws a justified conclusion weighing the financial saving against the risks of support gaps, retraining costs, compliance and reliability. (AO2/AO3a/AO3b)